(54) A protection method in a mobile communication system



(57) A protection method according to the present invention in a mobile communication system is characterized in that it includes an authentication procedure, which is initiated by mobile equipment (MS) independently of a network (NETWORK), which is controlled by the mobile equipment, and in which a decision to set up a connection is made in the mobile equipment. The mobile equipment generates a random number (RAND3) and signals (31) it to the network. Then, both the mobile equipment and the network use an authentication algorithm (32a, 32b) to calculate corresponding results (MSARD, NETRD) from the random number (RAND3) and an authentication code (A-KEY). The network signals (33) its result (NETRD) to the mobile equipment, in which the results are compared with each other (34), and a decision is made regarding formation of a connection. The protection method also advantageously includes an authentication procedure according to the prior art, controlled by the network, for the purpose of verifying the right of the subscriber to use the network.
Description

The present invention relates to a protection method in a mobile communication system, and particularly a protection method in which an authentication procedure may be performed.

Good protection is thought to be one of the major benefits of new mobile communication systems, such as GSM. Authentication, ciphering and protection of the subscriber's identity are the basic features of protection. To these may be added verification of the identity of mobile equipment by a network.

The main purpose of authentication is to verify that a user is a registered subscriber with the right to use a system. Authentication is based on a ciphered code, which is located in a subscriber's SIM module on the one hand, and in a network as subscriber-specific data in a home location register on the other hand. Said ciphered code is never transmitted using radio or other network connections, and it is practically impossible to intercept the code. Therefore, it has also been held nearly impossible to penetrate the protection provided by authentication. Certain known authentication procedures are examined in more detail later.

In new mobile communication systems, ciphering of data or speech is usually realized in the same manner as authentication, by means of ciphered information, a ciphering key, stored in a subscriber's SIM module or similar device on the one hand, and in the subscriber's home location register in a network on the other hand. Ciphering is not enabled while a connection is being set up, but normally it is enabled before any data, such as speech, is transmitted. To prevent a subscriber's location from being identified by listening to control channels during the set-up phase, when ciphering is not yet enabled, a temporary mobile subscriber identity, which is assigned to the subscriber by the network while the subscriber's location is being registered, is used for signalling in place of the international mobile subscriber identity.

In said GSM system, for example, ciphering is carried out in a subscriber-initiated call as follows. After identifying the subscriber, the network sends an authentication request and checks the response received from the mobile station. Next, the network checks the identity of the mobile station. Then, ciphering is normally enabled by means of signalling begun by a command from the network. Once the ciphering is enabled, formation of an actual communication connection is started, and reception of ciphered speech or data begins when the connection is made. It should be noted that all the protective measures mentioned above are typically controlled by the network in a digital mobile communication system, and the network makes decisions regarding the measures. Furthermore, they are optional measures, which the network may skip and still set up a connection.

Two known authentication procedures are examined in the following with references to figures 1 and 2. Figure 1 presents a diagram of a procedure similar to that used in the GSM system, for example, and figure 2 presents a diagram of a procedure similar to that used in the American IS-136 system. The names of the signals, data fields, numbers, calculation results, etc. in the diagrams are not names that are used in any system, but rather they are suitable names chosen for explanatory purposes. In the diagrams of figures 1 and 2, the top left side labeled MS represents a mobile subscriber and mobile equipment, and the top right side labeled NETWORK represents a mobile communication network. In the example of figure 1, authentication is started by means of an authentication request message AUTHREQ indicated by reference number 1, sent by the network. The message includes a random number RAND, shown in parentheses below the name of the message. An authentication code or key A-KEY is stored in the SIM card in the mobile equipment. The same code and other data related to the subscriber are stored in the network, where they are available to the subscriber's home location register and an authentication center. Identical authentication algorithms, correspondingly 2a and 2b, are realized in both the mobile subscriber's SIM card and the mobile communication network. Said random number RAND and authentication key A-KEY are entered into both authentication algorithms. By means of the algorithm, a result MSRES is obtained on the subscriber side and a result ACRES on the network side. An authentication response message AUTHRESR, which is indicated by reference number 3 and includes said result MSRES in its data field, is sent by the mobile equipment. The obtained results MSRES and ACRES are compared on the network side in a manner indicated by reference number 4, and the subscriber authentication is successful if the results are the same. If the results are not the same, the network may disconnect the connection set-up.

In figure 2, in the simplified presentation of an authentication process similar to that used in an IS-136 system, authentication also begins with an authentication command AUTHORD sent by the network side, indicated by reference number 11 and including a random number RAND1. In the same manner as described in the above method, said random number and the authentication key A-KEY of said subscriber are entered into authentication algorithms, correspondingly 12a and 12b, on both the mobile subscriber side and the network side. Equivalent results are obtained, MSRES1 on the subscriber side and ACRES1 on the network side. Furthermore, a second authentication algorithm B exists on both the subscriber and network sides, correspondingly 15a and 15b, into which said results MSRES1 and ACRES1 are entered. Additionally, a second random number RAND2 is generated on the mobile subscriber side in the manner indicated by reference number 12. Said second random number is sent to the network side in a message BSAORD, which is indicated by reference number 14. This random number is entered into algorithm B together with the result obtained from algorithm A, correspondingly MSRES1 and ACRES1. Results are obtained from algorithm B on the subscriber and network sides, correspondingly MSRSD and BSRSD, and the result obtained on the network side is sent to the mobile equipment side in a message BSACONR. The results MSRSD and BSRSD are compared on the mobile equipment side in the manner indicated by reference number 17, and the result of the comparison, data that indicates successful or unsuccessful authentication, is sent to the network in an authentication confirmation message AUTHCONF, indicated by reference number 18.

An example of a problem is presented in the following, with references to figures 3 and 4, which is an example of a system which may apparently be used to penetrate the protection in a mobile communication system that uses authentication methods according to the prior art. The example is not only theoretical, but rather it may be deduced from certain publicly presented information that this type of arrangement has already been realized. The arrangement is based on the creation of a false cell.

Figure 3 presents a diagram of a typical cell structure 6 of a mobile communication system, including cells C1 ... C8. Reference number 7 indicates a false cell created inside a cell C2, in which T is the false cell's station, which represents a base station or a network, and A is a mobile subscriber that will be tapped.

Figure 4 presents the imagined tapping arrangement T in more detail, indicated by reference number 22. The arrangement includes a network simulator 23 and ordinary mobile equipment 24. Said mobile equipment operates in a mobile communication system and contains a SIM module SIM T belonging to a registered subscriber, and a valid equipment identity IMEI T. The network simulator may be a device intended for development and testing, for example, which simulates a mobile communication network and which is available from manufacturers of data communication instruments. The network simulator 23 is connected to the mobile equipment 24 by means of a connection 25. Said network simulator may be replaced by another similar device, such as base station equipment of said mobile communication system, modified for this purpose, or a protocol adapter suitable for this purpose.

The arrangement 22 may be used as follows. It is set up to appear as a neighboring cell of cell C2, advantageously a sufficiently distant neighbor, such as cell C8 or C1. Then, the field strength of this false cell T is maintained stronger than the field strength of authentic network cells detected by mobile equipment A, which will be tapped. When mobile equipment A begins to set up a connection for a call or a data transmission, the most powerful base station, false cell T, receives a request for a channel. It is characteristic of a digital mobile communication system that the network controls events after the first signals have been exchanged.
Therefore, the network simulator may simply skip authentication or perform the signalling required for authentication and continue setting up the connection as if authentication were successfully completed. The network simulator may also disable ciphering. This ensures that a connection is made between the arrangement 22 and the mobile station 21, and that unciphered speech or data is transmitted by means of said connection.

In relation to the real mobile communication network, arrangement 22 appears and functions as mobile equipment by using and posing as mobile equipment 24. The network simulator or equivalent device 23 functions as a protocol adapter, and the mobile station 24 forms a connection to the location in the real network that subscriber A wishes to be connected to. The real network performs authentication and other protective measures through base station 20 by communicating with mobile station 24. No problems arise because mobile station 24 is a device that is approved in the system and operated by a registered subscriber. Subscriber T is authenticated and ciphered speech or data is transmitted and received along a connection made between the network base station 20 and the device 24. Speech or data received by mobile station 24 is deciphered, therefore unciphered data is transmitted in both directions along the connection between the network simulator 23 and the mobile station 24. Therefore, it is easy to listen to, or it may be recorded on a tape recorder 26, for example.

All in all, subscriber A, or mobile equipment 21, only communicates with the false station 22, or station T, and not with the real network. On the other hand, the network only sees an ordinary connection to subscriber T and the mobile equipment 24 operated by said subscriber. It should be noted that, without the knowledge of subscriber A, false station 22 is also capable of making a connection elsewhere than to a place where subscriber A wishes, which increases the possibilities of misuse. Furthermore, as soon as a dedicated channel is indicated, false base station 22 may ensure that the connection is preserved, for example, by sending mobile station 21 a list of neighbors that contains no neighbors. A connection to the false base station is preserved even though the field strength becomes weak, because the mobile equipment does not know of any alternative neighbors.

The purpose of the present invention is to produce a protection method that eliminates the problems described above, or other similar problems.

To achieve said purpose, a protection method according to the present invention in a mobile communication system, where connections are set up between mobile equipment operated by a subscriber, and a network, and where:

the subscriber has a ciphered authentication code, which is known by the mobile equipment on the one hand and by the network on the other hand, and

an authentication procedure may be performed in which the equivalence of the ciphered codes known by the mobile equipment and the network is verified, and a decision to set up a connection is based on said verification,

is characterized in that said method includes an authentication procedure

which the mobile equipment initiates independently of the network,

which is controlled by the mobile equipment,

and in which a decision to set up a connection is made by the mobile equipment.

An advantageous embodiment of the protection method according to the present invention includes steps in which:

the mobile equipment generates a random number and signals it to the network,

both the mobile equipment and the network use the ciphered code and the random number to calculate corresponding resulting numbers,

the network signals its resulting number to the mobile equipment and

the resulting numbers are compared and the decision to set up a connection is made in the mobile equipment, based on the comparison.

In an advantageous embodiment of the present invention, the protection method also includes an authentication procedure, which is controlled by the network, and in which the network makes the decision to set up a connection.

The present invention and certain of its embodiments are described below in more detail, with references to the enclosed drawings.

Figure 1 presents a diagram of an authentication procedure according to the prior art,

Figure 2 presents a simplified diagram of another authentication procedure according to the prior art,

Figures 3 and 4 diagrammatically present an example of a problem; an example of an arrangement which may penetrate protection provided by authentication procedures of the prior art, and

Figure 5 presents a diagram of an embodiment of a protection method according to the present invention.

The prior art presented by figures 1 and 2 and an example problem illustrated by figures 3 and 4 are explained above in detail.

An embodiment of an authentication procedure belonging to a protection method according to the present invention is explained below with references to figure 5. As shown by reference number 31, the procedure begins when mobile equipment MS sends a request for authentication to a network NETWORK, a message that includes a random number RAND3 generated in the mobile equipment. In both the mobile equipment and the network, identical authentication algorithms, correspondingly 32a and 32b, are used to calculate equivalent results MSARD and NETRD from the random number and the subscriber's authentication code or key A-KEY, which is known by both. Then, the network sends a response message AUTHRED, indicated by reference number 33, which includes the result NETRD in its data field. The results MSARD and NETRD are compared with each other in the mobile equipment, as indicated by reference number 34. Authentication is successful if the results are the same, and the mobile equipment proceeds to make a connection. If the results are not the same, the mobile equipment may decide to interrupt connection-making.

It is essential and important in the authentication procedure according to the present invention that the mobile equipment initiates the authentication, independently of the network, and also controls the entire procedure, finally making a decision whether or not to continue making the connection, based on the result of the authentication. Authentication may be advantageously performed using a subscriber-specific authentication code, which naturally is originally intended to ensure that the subscriber is registered and has the right to use the network. In the procedure according to the present invention, the mobile equipment uses the same code to verify that it is truly communicating with a real network, i.e., a network that has the subscriber's identifying information, including an authentication code or key. This prevents penetration of the protection in the manner illustrated in the example problem above, in which the network also controls performance of the protection method, whereupon it becomes possible to use a false network.

It should be noted that the authentication procedure according to the present invention only guarantees that the network is real. Verification of the user rights of the subscriber also requires authentication controlled by the network side. Therefore, the protection method according to the present invention advantageously also includes a network-controlled authentication procedure, which may be an authentication according to the prior art (e.g., as shown in figure 1), for example, performed before or after the authentication controlled by the mobile equipment.
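
The mobile-controlled procedure of figure 5, together with a network-controlled check as in figure 1, sketched in Python as an added example that is not part of the patent text. HMAC-SHA256 stands in for the authentication algorithm, which the text does not specify; the class, method and function names and the ReplayingStation test double are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def auth_algorithm(a_key, rand):
    # Assumption: HMAC-SHA256 replaces algorithms 32a/32b (unspecified in the text).
    return hmac.new(a_key, rand, hashlib.sha256).digest()


class Network:
    """Network side; `keys` maps a subscriber id to the A-KEY held for it."""

    def __init__(self, keys):
        self.keys = keys

    def answer_challenge(self, subscriber_id, rand3):
        # 32b and 33: compute NETRD from RAND3 and the A-KEY and signal it back.
        a_key = self.keys.get(subscriber_id)
        return auth_algorithm(a_key, rand3) if a_key is not None else None

    def authenticate_subscriber(self, ms):
        # Network-controlled procedure as in figure 1: the network picks RAND,
        # the mobile equipment returns MSRES, the network compares it to ACRES.
        a_key = self.keys.get(ms.subscriber_id)
        if a_key is None:
            return False
        rand = secrets.token_bytes(16)
        return hmac.compare_digest(ms.respond(rand), auth_algorithm(a_key, rand))


class ReplayingStation(Network):
    """Constructed test double: holds no A-KEY, only one NETRD recorded earlier."""

    def __init__(self, recorded_netrd):
        super().__init__({})
        self.recorded_netrd = recorded_netrd

    def answer_challenge(self, subscriber_id, rand3):
        return self.recorded_netrd


class MobileEquipment:
    def __init__(self, subscriber_id, a_key):
        self.subscriber_id = subscriber_id
        self.a_key = a_key

    def respond(self, rand):
        return auth_algorithm(self.a_key, rand)  # MSRES for figure 1

    def authenticate_network(self, network):
        rand3 = secrets.token_bytes(16)  # generated in the MS, fresh per attempt
        netrd = network.answer_challenge(self.subscriber_id, rand3)  # 31, 33
        msard = auth_algorithm(self.a_key, rand3)  # 32a
        # 34: the MS compares and decides; a missing answer counts as failure.
        return netrd is not None and hmac.compare_digest(msard, netrd)


def connection_established(ms, network):
    # Both decisions must be positive: the MS accepts the network (figure 5)
    # and the network accepts the subscriber (figure 1).
    return ms.authenticate_network(network) and network.authenticate_subscriber(ms)
```

Because RAND3 is chosen by the mobile equipment for each attempt, a station that only replays a previously observed NETRD fails the comparison at step 34, as does one that sends no answer at all.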

Naturally, the present invention is not limited to the 
embodiments described above, but rather it may vary 
within the scope of the enclosed claims. 



Claims 

1. A protection method in a mobile communication system, where connections are set up between mobile equipment (MS) operated by a subscriber, and a network (NETWORK), and where:

the subscriber has a ciphered authentication code (A-KEY), which is known by the mobile equipment on the one hand, and by the network on the other hand, and

an authentication procedure may be performed in which the equivalence of the ciphered codes known by the mobile equipment and the network is verified, and a decision to set up a connection may be made based on said verification,

is characterized in that said method includes an authentication procedure

which the mobile equipment (MS) initiates independently of the network (NETWORK),

which is controlled by the mobile equipment,

and in which a decision to set up a connection is made in the mobile equipment.

2. The protection method according to claim 1, characterized in that the protection method includes phases in which:

the mobile equipment (MS) generates a random number (RAND3) and signals (31) it to the network (NETWORK),

both the mobile equipment and the network use the ciphered code (A-KEY) and the random number (RAND3) to calculate (32a, 32b) corresponding resulting numbers (MSARD, NETRD),

the network signals (33) its resulting number to the mobile equipment and

the resulting numbers are compared with each other (34) and the decision to set up a connection is made in the mobile equipment, based on the comparison.

3. The protection method according to claim 1 or 2, characterized in that it also includes an authentication procedure (figure 1), which is controlled by the network (NETWORK) and in which the network makes the decision to set up a connection.
